Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0721 SUSE Enterprise 11 SP3 kernel updated for Meltdown (improved retpoline fix), others 13 March 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: SUSE Operating System: SUSE Impact/Access: Root Compromise -- Existing Account Access Privileged Data -- Existing Account Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-1000004 CVE-2018-5333 CVE-2018-5332 CVE-2017-18079 CVE-2017-18017 CVE-2017-17741 CVE-2017-13215 CVE-2017-5715 Reference: ASB-2018.0002.4 ESB-2018.0577 ESB-2018.0042.2 Original Bulletin: https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:0660-1 Rating: important References: #1012382 #1054305 #1060279 #1068032 #1068984 #1070781 #1073311 #1074488 #1074621 #1075091 #1075410 #1075617 #1075621 #1075908 #1075994 #1076017 #1076154 #1076278 #1076849 #1077406 #1077560 #1077922 Cross-References: CVE-2017-13215 CVE-2017-17741 CVE-2017-18017 CVE-2017-18079 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 Affected Products: SUSE Linux Enterprise Server 11-SP3-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 14 fixes is now available. Description: The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - cdc-acm: apply quirk for card reader (bsc#1060279). - Enable CPU vulnerabilities reporting via sysfs - fork: clear thread stack upon allocation (bsc#1077560). - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - Move kABI fixup for retpolines to proper place. - powerpc/vdso64: Use double word compare on pointers (bsc#1070781). - s390: add ppa to the idle loop (bnc#1077406, LTC#163910). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741). - storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091). - x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278). - x86/kaiser: use trampoline stack for kernel entry. - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305). - x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305). - x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP3-LTSS: zypper in -t patch slessp3-kernel-20180212-13505=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-20180212-13505=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-kernel-20180212-13505=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-kernel-20180212-13505=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64): kernel-default-3.0.101-0.47.106.19.1 kernel-default-base-3.0.101-0.47.106.19.1 kernel-default-devel-3.0.101-0.47.106.19.1 kernel-source-3.0.101-0.47.106.19.1 kernel-syms-3.0.101-0.47.106.19.1 kernel-trace-3.0.101-0.47.106.19.1 kernel-trace-base-3.0.101-0.47.106.19.1 kernel-trace-devel-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64): kernel-ec2-3.0.101-0.47.106.19.1 kernel-ec2-base-3.0.101-0.47.106.19.1 kernel-ec2-devel-3.0.101-0.47.106.19.1 kernel-xen-3.0.101-0.47.106.19.1 kernel-xen-base-3.0.101-0.47.106.19.1 kernel-xen-devel-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64): kernel-bigsmp-3.0.101-0.47.106.19.1 kernel-bigsmp-base-3.0.101-0.47.106.19.1 kernel-bigsmp-devel-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x): kernel-default-man-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-SP3-LTSS (i586): kernel-pae-3.0.101-0.47.106.19.1 kernel-pae-base-3.0.101-0.47.106.19.1 kernel-pae-devel-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-bigsmp-extra-3.0.101-0.47.106.19.1 kernel-trace-extra-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): kernel-default-3.0.101-0.47.106.19.1 kernel-default-base-3.0.101-0.47.106.19.1 kernel-default-devel-3.0.101-0.47.106.19.1 kernel-ec2-3.0.101-0.47.106.19.1 kernel-ec2-base-3.0.101-0.47.106.19.1 kernel-ec2-devel-3.0.101-0.47.106.19.1 kernel-pae-3.0.101-0.47.106.19.1 kernel-pae-base-3.0.101-0.47.106.19.1 kernel-pae-devel-3.0.101-0.47.106.19.1 kernel-source-3.0.101-0.47.106.19.1 kernel-syms-3.0.101-0.47.106.19.1 kernel-trace-3.0.101-0.47.106.19.1 kernel-trace-base-3.0.101-0.47.106.19.1 kernel-trace-devel-3.0.101-0.47.106.19.1 kernel-xen-3.0.101-0.47.106.19.1 kernel-xen-base-3.0.101-0.47.106.19.1 kernel-xen-devel-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): kernel-default-debuginfo-3.0.101-0.47.106.19.1 kernel-default-debugsource-3.0.101-0.47.106.19.1 kernel-trace-debuginfo-3.0.101-0.47.106.19.1 kernel-trace-debugsource-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-0.47.106.19.1 kernel-ec2-debugsource-3.0.101-0.47.106.19.1 kernel-xen-debuginfo-3.0.101-0.47.106.19.1 kernel-xen-debugsource-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64): kernel-bigsmp-debuginfo-3.0.101-0.47.106.19.1 kernel-bigsmp-debugsource-3.0.101-0.47.106.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586): kernel-pae-debuginfo-3.0.101-0.47.106.19.1 kernel-pae-debugsource-3.0.101-0.47.106.19.1 References: https://www.suse.com/security/cve/CVE-2017-13215.html https://www.suse.com/security/cve/CVE-2017-17741.html https://www.suse.com/security/cve/CVE-2017-18017.html https://www.suse.com/security/cve/CVE-2017-18079.html https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-1000004.html https://www.suse.com/security/cve/CVE-2018-5332.html https://www.suse.com/security/cve/CVE-2018-5333.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1054305 https://bugzilla.suse.com/1060279 https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1068984 https://bugzilla.suse.com/1070781 https://bugzilla.suse.com/1073311 https://bugzilla.suse.com/1074488 https://bugzilla.suse.com/1074621 https://bugzilla.suse.com/1075091 https://bugzilla.suse.com/1075410 https://bugzilla.suse.com/1075617 https://bugzilla.suse.com/1075621 https://bugzilla.suse.com/1075908 https://bugzilla.suse.com/1075994 https://bugzilla.suse.com/1076017 https://bugzilla.suse.com/1076154 https://bugzilla.suse.com/1076278 https://bugzilla.suse.com/1076849 https://bugzilla.suse.com/1077406 https://bugzilla.suse.com/1077560 https://bugzilla.suse.com/1077922 - -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWqcT0Ix+lLeg9Ub1AQh51BAAnOspFoGYJj2uVlJnkt6Ucl+dKt68UL+F uUfCSJC7nQrEpGjU7wd8CikS8ciXURaT5t8AHsZSdF2VakvCKrhlx6CuczB3MqZp cctsqutxyFOgPP0rmND8NQMuEnKXdwQSP4wSIdipho9CGfg8g7zdbmHeGy1J67C3 Qopl0AEYzd/wkLML6NZlsNtxr6+67la/6H6wrc5l+zwszKcnq4HLQkiRx6Z9GCaI EyyTpQgPZqbJPN1ny4AgLoxYU/2bXnv3MEal+ycgvo9BsmyshkADLqS4cyQzbsK4 kMUPM6qaUqd8pCkMGdN0LVomiHc5nEWFPjb2Whbr6t7oAJTyADLuIwqiwuwmtO+u 5ee3T6fs6H61llVZTbjatHHLRsjUYb5bpXxoT2jwwPtJgDAbf2jStilqtRb7bSNo j727kIRy1Pv09FwFshHQaWI3z03DX43pRKUFP9gvNrJM2qOmYx1qy6j0D8OVzVAW EFRcjNKV/pzs1SR7eINqEBWJaKVTZIoMEUJjcJkjIgwU7OjeyjoNO6h4ScnIAG6/ SeSIR0MgN12Dnwg3Hi0B8gvEe/mkIOwwtmUinJ2L2PKxGvTjPARiV5SKRdOBbrkD IAp+t7LDO8+onyMtTLi72mAxH0eC+tZ9ONU7v1NBI+W/rz2+h8W2l6aIEdmelrG/ e/D8MG8sia8= =sZic -----END PGP SIGNATURE-----